(no subject)
by Robin Hack
>From 44980f0ef942edf52e73cad1dacc08b507c3a535 Mon Sep 17 00:00:00 2001
From: Robin Hack <rhack(a)redhat.com>
Date: Fri, 15 Aug 2014 18:44:56 +0200
Subject: [PATCH 3/3] pam_mkhomedir: Code flow fix.
Fixed code:
if ((srcfd = open(newsource, O_RDONLY)) < 0 || fstat(srcfd, &st) != 0)
When open() call fails then srcfd is rewriten by -1. So call fstat() on descriptor -1 after
have no much sense.
Solved by separating open() and fstat() calls.
---
modules/pam_mkhomedir/mkhomedir_helper.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index f426d72..c0a4a14 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -228,7 +228,7 @@ create_homedir(const struct passwd *pwd,
}
/* Open the source file */
- if ((srcfd = open(newsource, O_RDONLY)) < 0 || fstat(srcfd, &st) != 0)
+ if ((srcfd = open(newsource, O_RDONLY)) < 0)
{
pam_syslog(NULL, LOG_DEBUG,
"unable to open src file %s: %m", newsource);
@@ -241,8 +241,8 @@ create_homedir(const struct passwd *pwd,
return PAM_PERM_DENIED;
}
- if (stat(newsource, &st) != 0)
- {
+ if (fstat(srcfd, &st) != 0)
+ {
pam_syslog(NULL, LOG_DEBUG, "unable to stat src file %s: %m",
newsource);
close(srcfd);
--
1.9.3
9 years, 8 months
[PATCH 1/2] pam_echo: Fix descriptor leak.
by Robin Hack
---
modules/pam_echo/pam_echo.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c
index 043ff70..f76fe90 100644
--- a/modules/pam_echo/pam_echo.c
+++ b/modules/pam_echo/pam_echo.c
@@ -179,17 +179,22 @@ pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv)
struct stat st;
/* load file into message buffer. */
- if ((fstat (fd, &st) < 0) || !st.st_size)
- return PAM_IGNORE;
+ if ((fstat (fd, &st) < 0) || !st.st_size) {
+ close (fd);
+ return PAM_IGNORE;
+ }
mtmp = malloc (st.st_size + 1);
- if (!mtmp)
+ if (!mtmp) {
+ close (fd);
return PAM_BUF_ERR;
+ }
if (pam_modutil_read (fd, mtmp, st.st_size) == -1)
{
pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file);
free (mtmp);
+ close (fd);
return PAM_IGNORE;
}
--
1.9.3
9 years, 8 months